Computer viruses are rapidly evolving and becoming more and more complex and diversified, with large number of new viruses emerging every day, while relatively speaking, security software is lagging behind. Thus, it is vital for security software to quickly collect and analyze the latest viruses to timely provide a high level of protection for user's computers.
Currently, the security software installed on the client monitors suspicious software activities on the network. When the security software on the client scans an unknown file, it uploads the unknown file to a cloud server; the cloud server will automatically analyze and process the unknown file to obtain the latest information on Trojans and malware on the Internet, and then distribute anti-virus solutions to the clients.
In scanning an unknown file, the current security software on the client does not know whether the unknown file is a suspicious file, but simply put the unknown file at the end of a file upload queue to be uploaded. Some security software limits the number of files to be uploaded, and if the file upload queue is full, then a suspicious file might not be able to be put into the queue. Also, the suspicious file might have entered the file upload queue, but might not be able to be uploaded while the files ahead of the suspicious file are uploaded, possibly due to user operation. Moreover, there could only be one suspicious file among a large number of unsuspicious files, and the suspicious file might not be uploaded, while a large number of unsuspicious files are uploaded. Thus, the upload mechanism of security software may present some of the newest viruses or other dangerous files from being uploaded to the cloud server and being timely detected or removed by the security software, which degrades the efficiency of cloud servers in collecting suspicious files and impairs the security of computer systems.